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<§> Identification card. 

@ An identification card (5), used for data communication 
between an on-line terminal (2) and a host system (1), has 
an IC chip (17) mounted thereon. The IC chip (17) includes a 
key code generating circuit (22) which generates a key code 
from a preassigned code number stored in the memory (21) 
of the chip and a random number supplied from the host 
system through a card terminal (19). An encrypter (23), 
which is on the card (5) and is part of the IC chip, encrypts 
output data from the memory (21), using the key code, be- 
fore that data is sent to the host system (1) via the terminal 
(2). 
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IDE NTIFICATION- CARD 

The present invention relates to a card, such as an 
identification card or credit card, for use in a data 
5 communication system which has a self-contained capability 
of protecting transmitted data against unauthorized use. 

In data communication systems, such as a data 
communication system including on-line terminals (or 
automatic teller machines) coupled to a bank centre, it has 

10 always been important to protect transmitted data against 
unauthorized use. Recently, because of the popularization 
of personal computers, which can be used as on — line 
terminals in an office or home, it has become even more 
important to protect data transmitted in a communication 

15 system against unauthorized use. 

Identification cards with self-contained memory are 
known for use in authenticating personnel and/or equipment. 
For the purpose of data protection, the memory of such 
identification cards (hereinafter called ID cards) stores a 

20 key code and the on-line terminal encrypts transmitted data 
using the key code received from the ID card. Examples of 
such a system are disclosed in U.S. Patent Nos. 3,764,742 
and 4, 123, 747. 

Other known ID cards employ a protection system in 
25 which random numbers are supplied to the ID card by an on- 
line terminal- The ID card outputs a key code in response 
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to the random number and an encrypting circuit within the 
on-line terminal then encrypts transmitted data according to 
the "key code. However, such a protection system only works 
well if use of the on-line terminals is subject to direct 
control by the bank centre or access to the internal 
operating system is restricted* 

In the known protection systems described above, the 
key code must be outputted from the ID card and supplied to 
an encrypting circuit in the on-line terminal. The step of 
outputting the key code from the ID card is undesirable 
because the outputted key code is prone to unauthorized use. 
For example, an unauthorized user could steal original data 
subject to data transmission by using decrypters available 
on the market. These decrypters could be used to monitor or 
tap the key code from the ID card and the encrypted data 
transmitted from the encrypting circuit. Alternatively, in 
ID cards which store original data for direct transmission, 
such as the unauthorized amount or transaction limit for the 
owaer of the ID card, the owner could cut the output line 
for .the original transmitted data and insert, other forged 
data. Thus, conventional protection systems for preventing 
unauthorized use and forgery of transmitted data are 
inadequate. 

It is an object of the present invention to provide an 
identification card which is capable of preventing 
unauthorized use and forgery of transmitted data. 
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The invention relates to a card having a self-contained 
integrated circuit for communicating with a data 
communication system with which the card is to be used, the 
integrated circuit including memory means for storing data 
to be outputted to the communication system; and is 
characterised in that the memory means stores a code number 
preassigned individually to the card and in that the 
integrated circuit further includes key code generating 
means for generating a key code by a logical operation 
between the preassigned code number in the memory means and 
a random number supplied to the card by the communication 
system, and encrypting means connected to the memory means 
and the key code generating means for encrypting data stored 
in the memory means and to be outputted to the communication 
system, using the key code derived from the key code 
generating means. 

In the use of the card of the present invention, the 
key code for encryption cannot be monitored or tapped from 
outside the card and encrypted transmitted data can only be 
taken from the card. Thus, the important information 
contained in the transmitted data is protected against 
unauthorized use or forgery even when the on-line terminals 
are not under the direct control of the bank centre or 
information centre of the data communication system, for 
example, when the on-line terminal is a personal computer 
used in the home or a portable terminal. 
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The invention will be more readily understood by vay of 
example from the following description of ID cards in 
accordance therewith and their use in data communication 
systems. Reference is made to the accompanying drawings, in 
whi ch: 

Figure 1 is a block diagram of a cash management system 
in which a first embodiment of the ID card is used, 

Figure 2 i s an example of the ID card incorporating an 
IC chip having a self-contained encrypting function, 

Figure 3 is a basic block diagram of the electrical 
circuits formed on the IC chip of Figure 2, 

Fi gure 4 is a block di agram of the host system shown in 
Figure 1, 

Figure 5 is a flow chart of the communication between 
the on-line terminal and the host system, 

Figure 6 is a block diagram of the card reader/writer 
shown in Figure 1, 

Figure 7 is a basic block diagram of the electrical 
circuits formed on a second embodiment of IC chip, 

Figure 8 is a flow chart of the communication between 
the terminal and the host system for the second embodiment 
of the IC chip of Figure 7, 

Figure 9A is an example of a third embodiment of IC 
chip, and 

Figure 9B i s a memory map of a control ROM used in the 
IC chip shown in Figure 9A. 
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Figure 1 is a bl ock diagram of a basic cash mangagement 
system (CMS) which illustrates one example of the 
application of the identification card (ID card) of the 
present invention. The CMS includes host system 1 and a 
5 plurality of on-line terminals 2, each of which is connected 
to host system 1 through public communication line 3. For 
simplicity, only one terminal 2 is shown in Figure 1. The 
host system is a bank computer with a data base for use in 
performing a plurality of services. Terminal 2 generally 

10 includes a conventional personal computer system and card 
reader/writer (CRW) 4 to read/write ID card 5. 
Specifically, terminal 2 includes main frame personal 
computer 6 having RS-232C interface 7, display unit 8, 
printer 9, floppy disk unit 10 and keyboard 11. For 

15 example, a 16-bit personal computer "known as PASOPIA 16 
(tradename) made by Toshiba Corporation can be used as main 
frame personal computer 6. Terminal 2 further includes on- 
line interface controller 12 to communicate with host system 
1 through line 3 and interface controller 13 to control 

20 operation of CRW 4 through RS-232C standard interface 7. 

Any operator of the above described terminal can easily 
communicate with host system 1 by inserting card 5 into CRW 
4 at any place such as an office, home, etc. However, since 
personal computer programs can be easily analysed and 

25 modified by a person skilled in computers, a more reliable 
data protection system is required to prevent malicious, 
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unauthorized use of the on-Jine terminal. 

Figure 2 shows an ID card, which includes an IC chip, 
according to a preferred einbodi ment of this invention- Card 
5 has a typical embossed portion 15, magnetic strip 16 for 
storing a personal identification number (PIN) as proof of 
identity, IC chip section 17 and input/output portion 18 for 
electrically connecting the IC chip to terminal 2. 
Input/output portion 18 includes a plurality of contact 
terminals 19 through which power is supplied and data is 
transmitted to or from the terminal. 

Figure 3 shows a block diagram of the electrical 
circuits forming IC chip 17* PN memory 20, data memory 21, 
key code generating logic circuit (KGL) 22 and encrypter 23 
are integrated in one IC chip 17. PN memory 20 stores 
preassigned code number PN which is assigned to the user of 
the particular ID card, i.e. different preassigned code 
numbers are assigned to each ID card. Preassigned code 
number PN is unknown to the owner or operator of card 5, 
while the operator does know his PIN number. Data memory 21 
stores important output data such as the account number of 
the owner of the ID card, a transaction limit amount given 
to the owner by the bank, etc. Key code generating logic 
circuit (KLG) 22 is a logic circuit for generating a key 
code by a logical operation between the preassigned code 
number and a random number supplied to the ID card through 
input terminal 19,. The logical operation should be kept 
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secret, but it is usually unnecessary to use a very 
complicated logical operation- A simple logical operation, 
for exampJe, an exclusive-OR operation between every bit of 
two numbers would suffice. 

Encrypter 23 encrypts output data from data memory 21 
using the key code derived from KGL 23; encryption takes 
place in accordance with the data encryption standard (DES). 
Encrypter 23 preferably is formed of a programmed 
microprocessor having a DES program subroutine- The 
encrypted data is outputted through output terminal 19 2# 

Figure 4 shows a block diagram of an example host 
system 1. Host system 1 includes data base 30 for storing 
information relating to all customers and host controller 31 
for retrieving data from data base 30 and communicating with 
the on-line terminals* Random number generator 32, which is 
used in conventional data protection systems, is provided 
for generating random number (RN) and outputting this number 
when accessed. Master file 33 is provided for storing a 
plurality of master cards, each corresponding to one of the 
ID cards of all customers. Master card 34 includes PN 
memory 35 and key code generating logic circuit (KGL) 36. 
PN memory 35 stores the same preassigned code number PN 
stored in PN memory 20 of ID card 5. KGL also includes the 
same logic elements as is used in KGL 23 of ID card 5. 
Decrypter 37 is provided for decrypting data transmitted by 
on-line terminal 3. Data memory 38 stores the decrypted 




0138386 

8 

data outputted from decrypter 37. 

Figure 5 is a flow chart showing communication between 
the on-line terminal and the host system. Terminal 2 is 
initialized upon power on by the operator. Personal 
5 computer (PC) 6 loads programs from floppy disc unit 10 and 
maintains the telephone line through which it communicates 
with the host system. After initialization, display 8 
displays a message for prompting the operator to insert his 
card and then PC 6 outputs a take-in command to CRW 4. 

10 Referring to Figure 6, the take-in command is supplied 

to microprocessor (MP) 40 which acts as a controller for CRW 
4. Responding to the take-in command, MP 40 waits for a 
sensing signal from card sensor 41. When the operator 
inserts his card into card insertion port 42, card sensor 41 

15 outputs the sensing signal to MP 40. MP 40 activates driver 
42 which drives a plurality of pairs of conveyor roller 43 
disposed along guide 44 so that the ID card is conveyed from 
port 42 to a predetermined position along guide 44. During 
conveyance of ID card 5, strip reader 47 having a magnetic 

20 head reads the PIN numbers stored on magnetic strip 16. MP 
40 then supplies the PIN number to PC 6. 

After the ID card is taken in, MP 40 activates contact 
device 45, which has a plurality of contact pins 46 
corresponding to contact terminals 19 on the ID card. 

25 Contact device 45 mechanically contacts contact pins 46 with 
contact terminals 19 to establish electrical connection 
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between IC chip 17 on the ID card and PC 6. Then MP 40 
supplies a ready signal to PC 6, 

Responding to the ready signal, PC 6 instructs display 
unit 8 to display a message which prompts the operator to 
input the PIN number. The PIN number is entered from 
keyboard 11 by the operator. PC 6 compares the PIN number 
entered from the keyboard and the PIN number read out from 
magnetic strip 16. If PC 6 fails to detect coincidence of 
PIN numbers, then a take-out command is supplied to CRW 4 
for taking out the ID card. If PC 6 detects coincidence of 
PIN numbers, it transmits the PIN number to the host system 
through communication line 3. 

After host controller 31 receives the PIN number, it 
electrically or mechanically selects the master card 34 from 
master file 33 corresponding to the particular PIN number. 
Then host controller 31 receives a random number RN from 
random number generator 32 and supplies it to KGL 36 of the 
selected master card 34 and PC 6 through communication line 

'. After receiving random number RN, PC 6 supplies a 
transfer command followed by random number RN to MP 40. MP 
40 supplies randon number RN to KGL 22 of ID card 5 through 
contact pin 46 and contact terminal 19^ Then KGL 22 
generates a key code from preassigned code number PN of PN 
memory 20 and random number RN from the host system. Upon 
receiving the key code from KGL 22, encrypter 23 encrypts 
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the output data stored in data memory 21. The encrypted 
data is supplied to MP 40 through contact terminal 19 2 and 
contact pin 46. Then MP 40 supplies the encrypted data to 
PC 6. PC 6 sends the encrypted data to host controller 31 
through communication line 3. 

The host controller supplies the encrypted data 
transmitted from the on-line terminal to decrypter 37. 
Decrypter 37 decrypts the encrypted data using the key code 
generated by KGL 36 of master card 34. The decrypted data 
from decrypter 37 is stored in data memory 38. After 
checking the decrypted data, host controller 31 accesses 
data base 30 in accordance with the decrypted data, which 
includes the account number and the transaction limit 
amount, so that a transaction between the operator and bank 
can occur. 

At the end of the transaction, PC 6 supplies a take-out 
command to MP 40. MP 40 instructs contact device 45 to 
release contact pins 46 from contact terminals 191, and. then 
instructs driver 42 to take out ID card 5. 

According to the aforementioned embodiment, terminal 2 
only functions to guide the operator as to what he should do 
next and transfers data commands. The most important 
encryption is executed within IC chip 17 of ID card 5. The 
operator cannot monitor the key code and cannot supply any 
other data to encryptor 23 even if he analyses the programs 
of PC 6. Therefore, unauthorized users are prevented from 
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supplying malicious data to the host system by using the 
account number of another person, and the owner of the ID 
card is prevented from making an improper transaction such 
as executing a transaction exceeding a predetermined limit. 

Figure 7 shows the block diagram of the electrical 
circuits of an IC chip of another embodiment of ID card* 
The IC chip includes input/output control circuit 50, data 
memory 51, key code generating logic circuit (KGL) 52, 
encrypter/decrypter 53, read control circuit (RCC) 54 and 
write control circuit (WCC) 55. Data memory 51 stores the 
PIN number, preassigned code number PN # the account number, 
account balance information, etc. The above data, which is 
read out by RCC 54 and WCC 55, is provided for updating the 
account balance information after each transaction. Since 
the PIN number is stored in data memory 51, magnetic strip 
16 of ID card 5 and strip reader 67 of CRW 4 are unecessary. 

Figure 8 is a flow chart showing communication between 
the on-line terminal and the host system using an ID card 
which has an IC chip as shown in Figure 7. Most operations 
ajr ^ "similar- to those described above in connection with 
Figure 5 except: 

(a) the IC chip checks the PIN number; and 

(b) the IC chip decrypts transmitted data from the 
host system and writes it into the data memory. 

After the PIN number is entered at keyboard 11 by the 
operator, PC 6 supplies a check command followed by the 
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entered PIN number to MP 40. MP 40 transfers the check 
command and PIN number to input/output control circuit (ICC) 
50. Then ICC 50 drives RCC 54 to read the PIN number stored 
an data memory 51, and compares the entered PIN number with 
5 the stored PIN number. If ICC 50 does not detect 
coincidence, it outputs the take-out command to MP 40. If 
ICC 50 detects coincidence, it outputs a verified signal to 
MP 40. MP 40 then transfers the verified signal to PC 6 and 
PC 6 continues to operate in the manner shown in Figure 5. 
10 At the end of the transaction, the host controller has 

new account balance information. This information is 
encrypted by an encrypter (not shown) provided in host 
system I and the encrypted data relating to the new account 
balance information is sent to on-line terminal 1. After 
15 receiving the encrypted data, PC 6 supplies a write command 
followed by the encrypted data to MP 40. MP 40 then 
transfers this data to ICC 50. 

ICC 50 supplies the encrypted data to 
encrypter/decrypter 53 for decryption. Upon receiving the 
20 decrypted data, which is the new account balance 
information, ICC 50 drives WCC 55 to write this information 
into data memory 51 of the ID card. After that, ID card 5 
is taken out of CRW 4 in the manner shown in Figure 5. 

The above operation also applies to the ID card using 
25 an IC chip having a microprocessor such as shown in Figure 
9A. Control ROM 61 is a read only memory storing the 
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control program for microprocessor 60. Figure 9B shows a 
memory map for control ROM 61 including such programs as a 
main routine, an I/O subroutine for sending and/or receiving 
commands and data, a DES subroutine for the encrypting 
and/or decrypting operations, a verify subroutine for 
checking PIN numbers, a key code generating subroutine for 
generating a key code, etc. PROM 62, which is a 

programmable read only memory, is able to write in some data 
such as, for example, the PIN number, the account number, 
the transaction limit amount, the account balance 
information, the date when the card is used, the history of 
verifications, etc. Since P ROM 62 can store most of the 
information used in a transaction with a particular cards 
owner, which information was stored in the data base of the 
host system in the other embodiments described above, the 
memory capacity of the data base can be greatly reduced. 

Although illustrative embodiments of the invention have 
been described in detail with reference to the accompanying 
drawings, it is to be understood that the invention is not 
limited to those precise embodiments and that various 
changes and modifications may be effected therein by one 
skilled in the art without departing from the scope or 
spirit of the invention. For example, if it is necessary to 
keep the PIN number secret, even in the event the 
communication line is tapped, the encrypted PIN number may 
be transmitted by the on-line terminal as described, for • 
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example, in U.S Patent No. 4,123, 747. It is also possible 
to use preassigned code number PN instead of the PIN number 
as a code for selecting information from the naster cards. 
Furthermore, the encrypter in the ID card also can be used 
for encrypting all data which is transmitted through the 
communication line from the keyboard or the on-line 
termi nal • 



01.33386 

15 

CLAIMS 



1- A card (5) having a self-contained integrated circuit 
(17) for communicating with a data communication system (1, 
5 2, 3) with which the card is to be used, the integrated 
circuit including memory means (21, 51, 62) for storing data 
to be outputted to the communication system; characterised 
in that the memory means (21, 51, 62) stores a code number 
preassigned individually to the card (5) and in that the 

10 integrated circuit (17) further includes key code generating 
means (22) for generating a key code by a logical operation 
between the preassigned code number in the memory means (21, 
51, 62) and a random number supplied to the card (5) by the 
communication system (1, 2, 3), and encrypting means (25, 

15 53, 60) connected to the memory means (21, 51, 62) and the 
key code generating means (22) for encrypting data stored in 
the memory means and to be outputted to the communication 
system, using the key code derived from the key code 
generating means (22). 

2* A card according to claim 1 which further includes at 
le-ast one input terminal (19) adapted to connect 
electrically with a corresponding terminal of the 
communicating system and connected to the key code 
25 generating means (22), whereby the random number is 
suppl i ed. 
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3. A card according to claim 1 or claim 2, wherein the 
integrated circuit (17) further includes decrypting means 
(53) responsive to the received key code for decrypting 
input data from the communication system (1, 2, 3). 

4. A card according to claim 3, wherein the integrated 
circuit (17) has means (55) for writing the input data after 
decryption into the memory means (51). 
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